From patchwork Wed Nov 21 12:46:23 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [v2] Don't double free cfg struct if netlink_init fails
Date: Wed, 21 Nov 2012 02:46:23 -0000
From: Pontus Fuchs
X-Patchwork-Id: 200679
Message-Id: <1353501983-25035-1-git-send-email-pontus.fuchs@gmail.com>
To: j@w1.fi, hostap@lists.shmoo.com

If netlink_init fails on socket create or bind, the cfg struct provided as
parameter is freed by netlink_init. Callers of netlink_init also free this
struct on their error paths, leading to a double free.

Signed-hostap: Pontus Fuchs
---
V2 - Fix typo in signoff.

src/drivers/netlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/drivers/netlink.c b/src/drivers/netlink.c index dd662f3..76b3f30 100644 --- a/src/drivers/netlink.c +++ b/src/drivers/netlink.c @@ -97,7 +97,6 @@ struct netlink_data * netlink_init(struct netlink_config *cfg) if (netlink == NULL) return NULL; - netlink->cfg = cfg; netlink->sock = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (netlink->sock < 0) { @@ -118,6 +117,7 @@ struct netlink_data * netlink_init(struct netlink_config *cfg) return NULL; } + netlink->cfg = cfg; eloop_register_read_sock(netlink->sock, netlink_receive, netlink, NULL);
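Review bot: In the first hunk (@@ -97,7 +97,6), removing `netlink->cfg = cfg;` before the `socket()` call means the failure branches that follow now depend on `netlink->cfg` being NULL when cleanup runs. The allocation of `netlink` is not in the visible context, so please confirm it zero-initialises the struct. If it does not, the cleanup on the `netlink->sock < 0` path would free an uninitialised pointer instead of the caller's cfg, which is worse than the double free being fixed. An explicit `netlink->cfg = NULL;` at the old position would make the intent obvious and would not depend on the allocator.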
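Review bot: In the second hunk (@@ -118,6 +117,7), the ownership rule for cfg is now encoded only by where `netlink->cfg = cfg;` sits, and nothing documents it. Please add a comment on netlink_init stating that ownership of cfg passes to the netlink_data only when the function returns non-NULL, and that on a NULL return the caller still owns and must free it. The assignment also needs to stay the last step before anything that can fail: the visible `eloop_register_read_sock(...)` call does not check its return value, and if a check with an error return is added there later, the double free comes back unless that path clears `netlink->cfg` first.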